8 \S\ref{sec:boolex}. This time we do not commit ourselves to a particular |
8 \S\ref{sec:boolex}. This time we do not commit ourselves to a particular |
9 type of variables or values but make them type parameters. Neither is there |
9 type of variables or values but make them type parameters. Neither is there |
10 a fixed set of binary operations: instead the expression contains the |
10 a fixed set of binary operations: instead the expression contains the |
11 appropriate function itself.% |
11 appropriate function itself.% |
12 \end{isamarkuptext}% |
12 \end{isamarkuptext}% |
13 \isacommand{types}\ 'v\ binop\ =\ {"}'v\ {\isasymRightarrow}\ 'v\ {\isasymRightarrow}\ 'v{"}\isanewline |
13 \isacommand{types}\ {\isacharprime}v\ binop\ {\isacharequal}\ {\isachardoublequote}{\isacharprime}v\ {\isasymRightarrow}\ {\isacharprime}v\ {\isasymRightarrow}\ {\isacharprime}v{\isachardoublequote}\isanewline |
14 \isacommand{datatype}\ ('a,'v)expr\ =\ Cex\ 'v\isanewline |
14 \isacommand{datatype}\ {\isacharparenleft}{\isacharprime}a{\isacharcomma}{\isacharprime}v{\isacharparenright}expr\ {\isacharequal}\ Cex\ {\isacharprime}v\isanewline |
15 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ |\ Vex\ 'a\isanewline |
15 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ {\isacharbar}\ Vex\ {\isacharprime}a\isanewline |
16 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ |\ Bex\ {"}'v\ binop{"}\ \ {"}('a,'v)expr{"}\ \ {"}('a,'v)expr{"}% |
16 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ {\isacharbar}\ Bex\ {\isachardoublequote}{\isacharprime}v\ binop{\isachardoublequote}\ \ {\isachardoublequote}{\isacharparenleft}{\isacharprime}a{\isacharcomma}{\isacharprime}v{\isacharparenright}expr{\isachardoublequote}\ \ {\isachardoublequote}{\isacharparenleft}{\isacharprime}a{\isacharcomma}{\isacharprime}v{\isacharparenright}expr{\isachardoublequote}% |
17 \begin{isamarkuptext}% |
17 \begin{isamarkuptext}% |
18 \noindent |
18 \noindent |
19 The three constructors represent constants, variables and the application of |
19 The three constructors represent constants, variables and the application of |
20 a binary operation to two subexpressions. |
20 a binary operation to two subexpressions. |
21 |
21 |
22 The value of an expression w.r.t.\ an environment that maps variables to |
22 The value of an expression w.r.t.\ an environment that maps variables to |
23 values is easily defined:% |
23 values is easily defined:% |
24 \end{isamarkuptext}% |
24 \end{isamarkuptext}% |
25 \isacommand{consts}\ value\ ::\ {"}('a,'v)expr\ {\isasymRightarrow}\ ('a\ {\isasymRightarrow}\ 'v)\ {\isasymRightarrow}\ 'v{"}\isanewline |
25 \isacommand{consts}\ value\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequote}{\isacharparenleft}{\isacharprime}a{\isacharcomma}{\isacharprime}v{\isacharparenright}expr\ {\isasymRightarrow}\ {\isacharparenleft}{\isacharprime}a\ {\isasymRightarrow}\ {\isacharprime}v{\isacharparenright}\ {\isasymRightarrow}\ {\isacharprime}v{\isachardoublequote}\isanewline |
26 \isacommand{primrec}\isanewline |
26 \isacommand{primrec}\isanewline |
27 {"}value\ (Cex\ v)\ env\ =\ v{"}\isanewline |
27 {\isachardoublequote}value\ {\isacharparenleft}Cex\ v{\isacharparenright}\ env\ {\isacharequal}\ v{\isachardoublequote}\isanewline |
28 {"}value\ (Vex\ a)\ env\ =\ env\ a{"}\isanewline |
28 {\isachardoublequote}value\ {\isacharparenleft}Vex\ a{\isacharparenright}\ env\ {\isacharequal}\ env\ a{\isachardoublequote}\isanewline |
29 {"}value\ (Bex\ f\ e1\ e2)\ env\ =\ f\ (value\ e1\ env)\ (value\ e2\ env){"}% |
29 {\isachardoublequote}value\ {\isacharparenleft}Bex\ f\ e\isadigit{1}\ e\isadigit{2}{\isacharparenright}\ env\ {\isacharequal}\ f\ {\isacharparenleft}value\ e\isadigit{1}\ env{\isacharparenright}\ {\isacharparenleft}value\ e\isadigit{2}\ env{\isacharparenright}{\isachardoublequote}% |
30 \begin{isamarkuptext}% |
30 \begin{isamarkuptext}% |
31 The stack machine has three instructions: load a constant value onto the |
31 The stack machine has three instructions: load a constant value onto the |
32 stack, load the contents of a certain address onto the stack, and apply a |
32 stack, load the contents of a certain address onto the stack, and apply a |
33 binary operation to the two topmost elements of the stack, replacing them by |
33 binary operation to the two topmost elements of the stack, replacing them by |
34 the result. As for \isa{expr}, addresses and values are type parameters:% |
34 the result. As for \isa{expr}, addresses and values are type parameters:% |
35 \end{isamarkuptext}% |
35 \end{isamarkuptext}% |
36 \isacommand{datatype}\ ('a,'v)\ instr\ =\ Const\ 'v\isanewline |
36 \isacommand{datatype}\ {\isacharparenleft}{\isacharprime}a{\isacharcomma}{\isacharprime}v{\isacharparenright}\ instr\ {\isacharequal}\ Const\ {\isacharprime}v\isanewline |
37 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ |\ Load\ 'a\isanewline |
37 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ {\isacharbar}\ Load\ {\isacharprime}a\isanewline |
38 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ |\ Apply\ {"}'v\ binop{"}% |
38 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ {\isacharbar}\ Apply\ {\isachardoublequote}{\isacharprime}v\ binop{\isachardoublequote}% |
39 \begin{isamarkuptext}% |
39 \begin{isamarkuptext}% |
40 The execution of the stack machine is modelled by a function |
40 The execution of the stack machine is modelled by a function |
41 \isa{exec} that takes a list of instructions, a store (modelled as a |
41 \isa{exec} that takes a list of instructions, a store (modelled as a |
42 function from addresses to values, just like the environment for |
42 function from addresses to values, just like the environment for |
43 evaluating expressions), and a stack (modelled as a list) of values, |
43 evaluating expressions), and a stack (modelled as a list) of values, |
44 and returns the stack at the end of the execution---the store remains |
44 and returns the stack at the end of the execution---the store remains |
45 unchanged:% |
45 unchanged:% |
46 \end{isamarkuptext}% |
46 \end{isamarkuptext}% |
47 \isacommand{consts}\ exec\ ::\ {"}('a,'v)instr\ list\ {\isasymRightarrow}\ ('a{\isasymRightarrow}'v)\ {\isasymRightarrow}\ 'v\ list\ {\isasymRightarrow}\ 'v\ list{"}\isanewline |
47 \isacommand{consts}\ exec\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequote}{\isacharparenleft}{\isacharprime}a{\isacharcomma}{\isacharprime}v{\isacharparenright}instr\ list\ {\isasymRightarrow}\ {\isacharparenleft}{\isacharprime}a{\isasymRightarrow}{\isacharprime}v{\isacharparenright}\ {\isasymRightarrow}\ {\isacharprime}v\ list\ {\isasymRightarrow}\ {\isacharprime}v\ list{\isachardoublequote}\isanewline |
48 \isacommand{primrec}\isanewline |
48 \isacommand{primrec}\isanewline |
49 {"}exec\ []\ s\ vs\ =\ vs{"}\isanewline |
49 {\isachardoublequote}exec\ {\isacharbrackleft}{\isacharbrackright}\ s\ vs\ {\isacharequal}\ vs{\isachardoublequote}\isanewline |
50 {"}exec\ (i\#is)\ s\ vs\ =\ (case\ i\ of\isanewline |
50 {\isachardoublequote}exec\ {\isacharparenleft}i{\isacharhash}is{\isacharparenright}\ s\ vs\ {\isacharequal}\ {\isacharparenleft}case\ i\ of\isanewline |
51 \ \ \ \ Const\ v\ \ {\isasymRightarrow}\ exec\ is\ s\ (v\#vs)\isanewline |
51 \ \ \ \ Const\ v\ \ {\isasymRightarrow}\ exec\ is\ s\ {\isacharparenleft}v{\isacharhash}vs{\isacharparenright}\isanewline |
52 \ \ |\ Load\ a\ \ \ {\isasymRightarrow}\ exec\ is\ s\ ((s\ a)\#vs)\isanewline |
52 \ \ {\isacharbar}\ Load\ a\ \ \ {\isasymRightarrow}\ exec\ is\ s\ {\isacharparenleft}{\isacharparenleft}s\ a{\isacharparenright}{\isacharhash}vs{\isacharparenright}\isanewline |
53 \ \ |\ Apply\ f\ \ {\isasymRightarrow}\ exec\ is\ s\ ((f\ (hd\ vs)\ (hd(tl\ vs)))\#(tl(tl\ vs)))){"}% |
53 \ \ {\isacharbar}\ Apply\ f\ \ {\isasymRightarrow}\ exec\ is\ s\ {\isacharparenleft}{\isacharparenleft}f\ {\isacharparenleft}hd\ vs{\isacharparenright}\ {\isacharparenleft}hd{\isacharparenleft}tl\ vs{\isacharparenright}{\isacharparenright}{\isacharparenright}{\isacharhash}{\isacharparenleft}tl{\isacharparenleft}tl\ vs{\isacharparenright}{\isacharparenright}{\isacharparenright}{\isacharparenright}{\isachardoublequote}% |
54 \begin{isamarkuptext}% |
54 \begin{isamarkuptext}% |
55 \noindent |
55 \noindent |
56 Recall that \isa{hd} and \isa{tl} |
56 Recall that \isa{hd} and \isa{tl} |
57 return the first element and the remainder of a list. |
57 return the first element and the remainder of a list. |
58 Because all functions are total, \isa{hd} is defined even for the empty |
58 Because all functions are total, \isa{hd} is defined even for the empty |
62 with fewer than two elements on the stack. |
62 with fewer than two elements on the stack. |
63 |
63 |
64 The compiler is a function from expressions to a list of instructions. Its |
64 The compiler is a function from expressions to a list of instructions. Its |
65 definition is pretty much obvious:% |
65 definition is pretty much obvious:% |
66 \end{isamarkuptext}% |
66 \end{isamarkuptext}% |
67 \isacommand{consts}\ comp\ ::\ {"}('a,'v)expr\ {\isasymRightarrow}\ ('a,'v)instr\ list{"}\isanewline |
67 \isacommand{consts}\ comp\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequote}{\isacharparenleft}{\isacharprime}a{\isacharcomma}{\isacharprime}v{\isacharparenright}expr\ {\isasymRightarrow}\ {\isacharparenleft}{\isacharprime}a{\isacharcomma}{\isacharprime}v{\isacharparenright}instr\ list{\isachardoublequote}\isanewline |
68 \isacommand{primrec}\isanewline |
68 \isacommand{primrec}\isanewline |
69 {"}comp\ (Cex\ v)\ \ \ \ \ \ \ =\ [Const\ v]{"}\isanewline |
69 {\isachardoublequote}comp\ {\isacharparenleft}Cex\ v{\isacharparenright}\ \ \ \ \ \ \ {\isacharequal}\ {\isacharbrackleft}Const\ v{\isacharbrackright}{\isachardoublequote}\isanewline |
70 {"}comp\ (Vex\ a)\ \ \ \ \ \ \ =\ [Load\ a]{"}\isanewline |
70 {\isachardoublequote}comp\ {\isacharparenleft}Vex\ a{\isacharparenright}\ \ \ \ \ \ \ {\isacharequal}\ {\isacharbrackleft}Load\ a{\isacharbrackright}{\isachardoublequote}\isanewline |
71 {"}comp\ (Bex\ f\ e1\ e2)\ =\ (comp\ e2)\ @\ (comp\ e1)\ @\ [Apply\ f]{"}% |
71 {\isachardoublequote}comp\ {\isacharparenleft}Bex\ f\ e\isadigit{1}\ e\isadigit{2}{\isacharparenright}\ {\isacharequal}\ {\isacharparenleft}comp\ e\isadigit{2}{\isacharparenright}\ {\isacharat}\ {\isacharparenleft}comp\ e\isadigit{1}{\isacharparenright}\ {\isacharat}\ {\isacharbrackleft}Apply\ f{\isacharbrackright}{\isachardoublequote}% |
72 \begin{isamarkuptext}% |
72 \begin{isamarkuptext}% |
73 Now we have to prove the correctness of the compiler, i.e.\ that the |
73 Now we have to prove the correctness of the compiler, i.e.\ that the |
74 execution of a compiled expression results in the value of the expression:% |
74 execution of a compiled expression results in the value of the expression:% |
75 \end{isamarkuptext}% |
75 \end{isamarkuptext}% |
76 \isacommand{theorem}\ {"}exec\ (comp\ e)\ s\ []\ =\ [value\ e\ s]{"}% |
76 \isacommand{theorem}\ {\isachardoublequote}exec\ {\isacharparenleft}comp\ e{\isacharparenright}\ s\ {\isacharbrackleft}{\isacharbrackright}\ {\isacharequal}\ {\isacharbrackleft}value\ e\ s{\isacharbrackright}{\isachardoublequote}% |
77 \begin{isamarkuptext}% |
77 \begin{isamarkuptext}% |
78 \noindent |
78 \noindent |
79 This theorem needs to be generalized to% |
79 This theorem needs to be generalized to% |
80 \end{isamarkuptext}% |
80 \end{isamarkuptext}% |
81 \isacommand{theorem}\ {"}{\isasymforall}vs.\ exec\ (comp\ e)\ s\ vs\ =\ (value\ e\ s)\ \#\ vs{"}% |
81 \isacommand{theorem}\ {\isachardoublequote}{\isasymforall}vs{\isachardot}\ exec\ {\isacharparenleft}comp\ e{\isacharparenright}\ s\ vs\ {\isacharequal}\ {\isacharparenleft}value\ e\ s{\isacharparenright}\ {\isacharhash}\ vs{\isachardoublequote}% |
82 \begin{isamarkuptxt}% |
82 \begin{isamarkuptxt}% |
83 \noindent |
83 \noindent |
84 which is proved by induction on \isa{e} followed by simplification, once |
84 which is proved by induction on \isa{e} followed by simplification, once |
85 we have the following lemma about executing the concatenation of two |
85 we have the following lemma about executing the concatenation of two |
86 instruction sequences:% |
86 instruction sequences:% |
87 \end{isamarkuptxt}% |
87 \end{isamarkuptxt}% |
88 \isacommand{lemma}\ exec\_app[simp]:\isanewline |
88 \isacommand{lemma}\ exec{\isacharunderscore}app{\isacharbrackleft}simp{\isacharbrackright}{\isacharcolon}\isanewline |
89 \ \ {"}{\isasymforall}vs.\ exec\ (xs@ys)\ s\ vs\ =\ exec\ ys\ s\ (exec\ xs\ s\ vs){"}% |
89 \ \ {\isachardoublequote}{\isasymforall}vs{\isachardot}\ exec\ {\isacharparenleft}xs{\isacharat}ys{\isacharparenright}\ s\ vs\ {\isacharequal}\ exec\ ys\ s\ {\isacharparenleft}exec\ xs\ s\ vs{\isacharparenright}{\isachardoublequote}% |
90 \begin{isamarkuptxt}% |
90 \begin{isamarkuptxt}% |
91 \noindent |
91 \noindent |
92 This requires induction on \isa{xs} and ordinary simplification for the |
92 This requires induction on \isa{xs} and ordinary simplification for the |
93 base cases. In the induction step, simplification leaves us with a formula |
93 base cases. In the induction step, simplification leaves us with a formula |
94 that contains two \isa{case}-expressions over instructions. Thus we add |
94 that contains two \isa{case}-expressions over instructions. Thus we add |
95 automatic case splitting as well, which finishes the proof:% |
95 automatic case splitting as well, which finishes the proof:% |
96 \end{isamarkuptxt}% |
96 \end{isamarkuptxt}% |
97 \isacommand{by}(induct\_tac\ xs,\ simp,\ simp\ split:\ instr.split)% |
97 \isacommand{by}{\isacharparenleft}induct{\isacharunderscore}tac\ xs{\isacharcomma}\ simp{\isacharcomma}\ simp\ split{\isacharcolon}\ instr{\isachardot}split{\isacharparenright}% |
98 \begin{isamarkuptext}% |
98 \begin{isamarkuptext}% |
99 \noindent |
99 \noindent |
100 Note that because \isaindex{auto} performs simplification, it can |
100 Note that because \isaindex{auto} performs simplification, it can |
101 also be modified in the same way \isa{simp} can. Thus the proof can be |
101 also be modified in the same way \isa{simp} can. Thus the proof can be |
102 rewritten as% |
102 rewritten as% |
103 \end{isamarkuptext}% |
103 \end{isamarkuptext}% |
104 \isacommand{by}(induct\_tac\ xs,\ auto\ split:\ instr.split)% |
104 \isacommand{by}{\isacharparenleft}induct{\isacharunderscore}tac\ xs{\isacharcomma}\ auto\ split{\isacharcolon}\ instr{\isachardot}split{\isacharparenright}% |
105 \begin{isamarkuptext}% |
105 \begin{isamarkuptext}% |
106 \noindent |
106 \noindent |
107 Although this is more compact, it is less clear for the reader of the proof. |
107 Although this is more compact, it is less clear for the reader of the proof. |
108 |
108 |
109 We could now go back and prove \isa{exec (comp e) s [] = [value e s]} |
109 We could now go back and prove \isa{exec (comp e) s [] = [value e s]} |